
Test ID: 1.3.6.1.4.1.25623.1.0.103467
Category: VMware Local Security Checks
Title: VMware ESXi/ESX patches resolve multiple security issues (VMSA-2010-0007)
Summary: The remote ESXi is missing one or more security-related updates from VMSA-2010-0007.
Description:
Summary:
The remote ESXi is missing one or more security-related updates from VMSA-2010-0007.

Vulnerability Insight:
VMware hosted products, vCenter Server and ESX patches resolve multiple security issues:

a. Windows-based VMware Tools Unsafe Library Loading vulnerability

A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user.
This vulnerability is present only on Windows Guest Operating Systems.

b. Windows-based VMware Tools Arbitrary Code Execution vulnerability

A vulnerability in the way VMware executables are loaded allows for arbitrary code execution in the context of the logged on user.
This vulnerability is present only on Windows Guest Operating Systems.

c. Windows-based VMware Workstation and Player host privilege escalation

A vulnerability in the USB service allows for a privilege escalation. A local attacker on the host of a Windows-based Operating
System where VMware Workstation or VMware Player is installed could plant a malicious executable on the host and elevate their
privileges.

d. Third party library update for libpng to version 1.2.37

The libpng libraries through 1.2.35 contain an uninitialized-memory-read bug that may have security implications. Specifically,
1-bit (2-color) interlaced images whose widths are not divisible by 8 may result in several uninitialized bits at the end of
certain rows in certain interlace passes being returned to the user. An application that failed to mask these out-of-bounds
pixels might display or process them, albeit presumably with benign results in most cases.

e. VMware VMnc Codec heap overflow vulnerabilities

f. VMware Remote Console format string vulnerability

VMware Remote Console (VMrc) contains a format string vulnerability. Exploitation of this issue may lead to arbitrary code execution on
the system where VMrc is installed.

Under the following two conditions your version of VMrc is likely to be affected:

- the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0 without patch ESX400-200911223-UG and

- VMrc is installed on a Windows-based system

g. Windows-based VMware authd remote denial of service

A vulnerability in vmware-authd could cause a denial of service condition on Windows-based hosts. The denial of service is limited
to a crash of authd.

h. Potential information leak via hosted networking stack

A vulnerability in the virtual networking stack of VMware hosted products could allow host information disclosure.

i. Linux-based vmrun format string vulnerability

A format string vulnerability in vmrun could allow arbitrary code execution.

Vulnerability Impact:
a. Windows-based VMware Tools Unsafe Library Loading vulnerability

In order for an attacker to exploit the vulnerability, the attacker would need to lure the user that is logged on a Windows Guest
Operating System to click on the attacker's file on a network share. This file could be in any file format. The attacker will need
to have the ability to host their malicious files on a network share.

b. Windows-based VMware Tools Arbitrary Code Execution vulnerability

In order for an attacker to exploit the vulnerability, the attacker would need to be able to plant their malicious executable in a
certain location on the Virtual Machine of the user. On most recent versions of Windows (XP, Vista) the attacker would need to have
administrator privileges to plant the malicious executable in the right location.

c. Windows-based VMware Workstation and Player host privilege escalation

In order for an attacker to exploit the vulnerability, the attacker would need to be able to plant their malicious executable in a
certain location on the host machine. On most recent versions of Windows (XP, Vista) the attacker would need to have administrator
privileges to plant the malicious executable in the right location.

e. VMware VMnc Codec heap overflow vulnerabilities

Vulnerabilities in the decoder allow for execution of arbitrary code with the privileges of the user running an application
utilizing the vulnerable codec.

For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on
a system that has the vulnerable version of the VMnc codec installed.

f. VMware Remote Console format string vulnerability

For an attack to be successful, an attacker would need to trick the VMrc user into opening a malicious Web page or following a malicious
URL. Code execution would be at the privilege level of the user.

h. Potential information leak via hosted networking stack

A guest operating system could send memory from the host vmware-vmx process to the virtual network adapter and potentially to the
host's physical Ethernet wire.

i. Linux-based vmrun format string vulnerability

If a vmrun command is issued and processes are listed, code could be executed in the context of the user listing the processes.

Affected Software/OS:
VMware ESXi 4.0 before patch ESXi400-201002402-BG

VMware ESXi 3.5 before patch ESXe350-200912401-T-BG

VMware ESX 4.0 without patches ESX400-201002401-BG, ESX400-200911223-UG

VMware ESX 3.5 without patch ESX350-200912401-BG

VMware ESX 3.0.3 without patch ESX303-201002203-UG

VMware ESX 2.5.5 without Upgrade Patch 15

Solution:
Apply the missing patch(es).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-1142
BugTraq ID: 39394
http://www.securityfocus.com/bid/39394
Bugtraq: 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://www.securitytracker.com/id?1023832
http://www.securitytracker.com/id?1023833
http://secunia.com/advisories/39198
http://secunia.com/advisories/39206
Common Vulnerability Exposure (CVE) ID: CVE-2010-1140
BugTraq ID: 39397
http://www.securityfocus.com/bid/39397
http://securitytracker.com/id?1023834
Common Vulnerability Exposure (CVE) ID: CVE-2009-2042
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35233
http://www.securityfocus.com/bid/35233
Debian Security Information: DSA-2032 (Google Search)
http://www.debian.org/security/2010/dsa-2032
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html
http://security.gentoo.org/glsa/glsa-200906-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
http://secunia.com/advisories/35346
http://secunia.com/advisories/35470
http://secunia.com/advisories/35524
http://secunia.com/advisories/35594
http://secunia.com/advisories/39215
http://secunia.com/advisories/39251
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809
http://ubuntu.com/usn/usn-913-1
http://www.vupen.com/english/advisories/2009/1510
http://www.vupen.com/english/advisories/2010/0637
http://www.vupen.com/english/advisories/2010/0682
http://www.vupen.com/english/advisories/2010/0847
XForce ISS Database: libpng-interlaced-image-info-disclosure(50966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50966
Common Vulnerability Exposure (CVE) ID: CVE-2009-1564
BugTraq ID: 39363
http://www.securityfocus.com/bid/39363
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866
http://secunia.com/secunia_research/2009-36/
http://osvdb.org/63614
http://www.securitytracker.com/id?1023838
http://secunia.com/advisories/36712
Common Vulnerability Exposure (CVE) ID: CVE-2009-1565
BugTraq ID: 39364
http://www.securityfocus.com/bid/39364
http://secunia.com/secunia_research/2009-37/
http://www.osvdb.org/63615
Common Vulnerability Exposure (CVE) ID: CVE-2009-3732
http://secunia.com/advisories/39110
Common Vulnerability Exposure (CVE) ID: CVE-2009-3707
BugTraq ID: 36630
http://www.securityfocus.com/bid/36630
http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt
http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php
http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html
http://securitytracker.com/id?1022997
http://secunia.com/advisories/36988
Common Vulnerability Exposure (CVE) ID: CVE-2010-1138
BugTraq ID: 39395
http://www.securityfocus.com/bid/39395
http://osvdb.org/63607
http://www.securitytracker.com/id?1023836
http://secunia.com/advisories/39203
Common Vulnerability Exposure (CVE) ID: CVE-2010-1139
BugTraq ID: 39407
http://www.securityfocus.com/bid/39407
http://osvdb.org/63606
http://www.securitytracker.com/id?1023835
http://secunia.com/advisories/39201
Common Vulnerability Exposure (CVE) ID: CVE-2010-1141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020
Copyright: Copyright (C) 2012 Greenbone AG
